<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Trang login</title>


<link href="../style/cssqt.css" rel="stylesheet" type="text/css" />
</head>

<body>
<?php
	include("../config/config.php");
	if(isset($_POST["user"])&&isset($_POST["pass"]))
	{
		$user = addslashes($_POST["user"]);
		$pass = addslashes(md5(md5($_POST["pass"])));
		$lenh = "select * from khachhang where user='$user' and matkhau='$pass'";

		$kq = mysql_query($lenh);
		$n = mysql_num_rows($kq);
		if($n >0)
		{
			$_SESSION["user"]= $user;
			

			?>
            <script>
			alert('Đăng nhập thành công!');			
			</script>
            <?php
		}
		else
		{
			?>
            <script>
			alert('Đăng nhập thất bại!');			
			</script>
            <?php
		}
		
		
		
	}
	//khi dùng $_SESSION thì phải khai báo session_start(); ở đầu trang web
	$lenh2 = "select * from khachhang
		 where user = '".$_SESSION["user"]."'";
		$kq2 = mysql_query($lenh2);
		$row2 = mysql_fetch_array($kq2);
		$Macv = $row2["Macv"];

	
	if(!$_SESSION["user"]||$Macv==0)
	{
		

echo"<form id='form1' name='form1' method='post' action=''>
<div id='main'>
	<div id='title'>
    	    <p align='center'><strong>MEMBER LOGIN</strong></p> 
    	    
	</div><!--title-->
    <div id='box'>
    <p align='center'>
    	      <label for='user'><strong>User</strong></label>
    	      <input name='user' type='text' class='login' id='user' />
    	    </p>
      <p align='center'>
    	      <label for='pass'><strong>Pass</strong></label>
        <input name='pass' type='password' class='login' id='pass' />
   	    </p>
    	    <p align='center'>
    	      <input name='login' type='submit' class='nutlogin' id='login' value='Login' />
    	    </p>
    </div><!--box-->

</div><!--main-->
</form>";
	}
else
{
	?>
    <script>
	location.href="indexqt.php";
	</script>
    <?php
	
}

?>
</body>
</html>